[aws_rules] shorten and clarify rule IDs (#25)

analysis/aws_rules_cis/aws_cloudtrail_created.yml

@@ -1,6 +1,6 @@
 AnalysisType: rule
 Filename: aws_cloudtrail_created.py
-PolicyID: AWS.CloudTrail.CloudTrailCreated
+PolicyID: AWS.CloudTrail.Created
 DisplayName: A CloudTrail Was Created or Updated
 Enabled: true
 ResourceTypes:

analysis/aws_rules_cis/aws_cloudtrail_stopped.yml

@@ -1,6 +1,6 @@
 AnalysisType: rule
 Filename: aws_cloudtrail_stopped.py
-PolicyID: AWS.CloudTrail.CloudTrailStopped
+PolicyID: AWS.CloudTrail.Stopped
 DisplayName: CloudTrail Stopped
 Enabled: true
 ResourceTypes:

analysis/aws_rules_cis/aws_config_service_created.yml

@@ -1,6 +1,6 @@
 AnalysisType: rule
 Filename: aws_config_service_created.py
-PolicyID: AWS.CloudTrail.ConfigServiceCreated
+PolicyID: AWS.ConfigService.Created
 DisplayName: AWS Config Service Created
 Enabled: true
 ResourceTypes:

analysis/aws_rules_cis/aws_config_service_disabled_deleted.yml

@@ -1,6 +1,6 @@
 AnalysisType: rule
 Filename: aws_config_service_disabled_deleted.py
-PolicyID: AWS.CloudTrail.ConfigServiceDisabledDeleted
+PolicyID: AWS.ConfigService.DisabledDeleted
 DisplayName: AWS Config Service Created
 Enabled: true
 ResourceTypes:

analysis/aws_rules_cis/aws_console_login_failed.yml

@@ -1,6 +1,6 @@
 AnalysisType: rule
 Filename: aws_console_login_failed.py
-PolicyID: AWS.CloudTrail.ConsoleLoginFailed
+PolicyID: AWS.Console.LoginFailed
 DisplayName: Failed Console Login
 Enabled: true
 ResourceTypes:

analysis/aws_rules_cis/aws_console_login_without_mfa.yml

@@ -1,6 +1,6 @@
 AnalysisType: rule
 Filename: aws_console_login_without_mfa.py
-PolicyID: AWS.CloudTrail.ConsoleLoginWithoutMFA
+PolicyID: AWS.Console.LoginWithoutMFA
 DisplayName: Logins Without MFA
 Enabled: true
 ResourceTypes:

analysis/aws_rules_cis/aws_ec2_gateway_modified.yml

@@ -1,6 +1,6 @@
 AnalysisType: rule
 Filename: aws_ec2_gateway_modified.py
-PolicyID: AWS.CloudTrail.EC2GatewayModified
+PolicyID: AWS.EC2.GatewayModified
 DisplayName: EC2 Network Gateway Modified
 Enabled: true
 ResourceTypes:

analysis/aws_rules_cis/aws_ec2_network_acl_modified.yml

@@ -1,6 +1,6 @@
 AnalysisType: rule
 Filename: aws_ec2_network_acl_modified.py
-PolicyID: AWS.CloudTrail.EC2NetworkACLModified
+PolicyID: AWS.EC2.NetworkACLModified
 DisplayName: EC2 Network ACL Modified
 Enabled: true
 ResourceTypes:

analysis/aws_rules_cis/aws_ec2_route_table_modified.yml

@@ -1,6 +1,6 @@
 AnalysisType: rule
 Filename: aws_ec2_route_table_modified.py
-PolicyID: AWS.CloudTrail.EC2RouteTableModified
+PolicyID: AWS.EC2.RouteTableModified
 DisplayName: EC2 Route Table Modified
 Enabled: true
 ResourceTypes:

analysis/aws_rules_cis/aws_ec2_security_group_modified.yml

@@ -1,6 +1,6 @@
 AnalysisType: rule
 Filename: aws_ec2_security_group_modified.py
-PolicyID: AWS.CloudTrail.EC2SecurityGroupModified
+PolicyID: AWS.EC2.SecurityGroupModified
 DisplayName: EC2 Security Group Modified
 Enabled: true
 ResourceTypes:

analysis/aws_rules_cis/aws_ec2_vpc_modified.yml

@@ -1,6 +1,6 @@
 AnalysisType: rule
 Filename: aws_ec2_vpc_modified.py
-PolicyID: AWS.CloudTrail.EC2VPCModified
+PolicyID: AWS.EC2.VPCModified
 DisplayName: EC2 VPC Modified
 Enabled: true
 ResourceTypes:

analysis/aws_rules_cis/aws_iam_policy_modified.yml

@@ -1,6 +1,6 @@
 AnalysisType: rule
 Filename: aws_iam_policy_modified.py
-PolicyID: AWS.CloudTrail.IAMPolicyModified
+PolicyID: AWS.IAM.PolicyModified
 DisplayName: IAM Policy Modified
 Enabled: true
 ResourceTypes:

analysis/aws_rules_cis/aws_kms_cmk_loss.yml

@@ -1,6 +1,6 @@
 AnalysisType: rule
 Filename: aws_kms_cmk_loss.py
-PolicyID: AWS.CloudTrail.KMSCustomerManagedKeyLoss
+PolicyID: AWS.KMS.CustomerManagedKeyLoss
 DisplayName: KMS CMK Disabled or Deleted
 Enabled: true
 ResourceTypes:

analysis/aws_rules_cis/aws_root_activity.yml

@@ -1,6 +1,6 @@
 AnalysisType: rule
 Filename: aws_root_activity.py
-PolicyID: AWS.CloudTrail.RootActivity
+PolicyID: AWS.Root.Activity
 DisplayName: Root Account Activity
 Enabled: true
 ResourceTypes:

analysis/aws_rules_cis/aws_s3_bucket_policy_modified.yml

@@ -1,6 +1,6 @@
 AnalysisType: rule
 Filename: aws_s3_bucket_policy_modified.py
-PolicyID: AWS.CloudTrail.S3BucketPolicyModified
+PolicyID: AWS.S3.BucketPolicyModified
 DisplayName: AWS S3 Bucket Policy Modified
 Enabled: true
 ResourceTypes:

analysis/aws_rules_s3_access_logs/aws_s3_access_error.yml

@@ -1,6 +1,6 @@
 AnalysisType: rule
 Filename: aws_s3_access_error.py
-PolicyID: AWS.S3ServerAccess.AccessError
+PolicyID: AWS.S3.ServerAccess.Error
 DisplayName: AWS S3 Access Error
 Enabled: true
 ResourceTypes:
@@ -19,15 +19,15 @@ Tests:
     Name: Access No Error
     ResourceType: AWS.S3ServerAccess
     ExpectedResult: false
-    Resource: 
+    Resource:
       {
         "otherFields": "values"
       }
   -
     Name: Access Error
     ResourceType: AWS.S3ServerAccess
     ExpectedResult: true
-    Resource: 
+    Resource:
       {
         "errorCode": "NoSuchKey"
       }

analysis/aws_rules_s3_access_logs/aws_s3_access_ip_whitelist.yml

@@ -1,6 +1,6 @@
 AnalysisType: rule
 Filename: aws_s3_access_ip_whitelist.py
-PolicyID: AWS.S3ServerAccess.IPWhitelist
+PolicyID: AWS.S3.ServerAccess.IPWhitelist
 DisplayName: AWS S3 Access IP Whitelist
 Enabled: true
 ResourceTypes:
@@ -19,15 +19,15 @@ Tests:
     Name: Access From Approved IP
     ResourceType: AWS.S3ServerAccess
     ExpectedResult: false
-    Resource: 
+    Resource:
       {
         "remoteIP": "10.0.0.1"
       }
   -
     Name: Access From Unapproved IP
     ResourceType: AWS.S3ServerAccess
     ExpectedResult: true
-    Resource: 
+    Resource:
       {
         "remoteIP": "11.0.0.1"
       }

analysis/aws_rules_s3_access_logs/aws_s3_insecure_access.yml

@@ -1,6 +1,6 @@
 AnalysisType: rule
 Filename: aws_s3_insecure_access.py
-PolicyID: AWS.S3ServerAccess.InsecureAccess
+PolicyID: AWS.S3.ServerAccess.Insecure
 DisplayName: AWS S3 Insecure Access
 Enabled: true
 ResourceTypes:

analysis/aws_rules_s3_access_logs/aws_s3_unauthenticated_access.yml

@@ -1,6 +1,6 @@
 AnalysisType: rule
 Filename: aws_s3_unauthenticated_access.py
-PolicyID: AWS.S3ServerAccess.UnauthenticatedAccess
+PolicyID: AWS.S3.ServerAccess.Unauthenticated
 DisplayName: AWS S3 Unauthenticated Access
 Enabled: true
 ResourceTypes:
@@ -17,7 +17,7 @@ Tests:
     Name: Authenticated Access
     ResourceType: AWS.S3ServerAccess
     ExpectedResult: false
-    Resource: 
+    Resource:
       {
         "bucket" : "example-bucket",
         "requester": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be"
@@ -26,7 +26,7 @@ Tests:
     Name: Unauthenticated Access
     ResourceType: AWS.S3ServerAccess
     ExpectedResult: true
-    Resource: 
+    Resource:
       {
         "bucket" : "example-bucket",
       }

analysis/aws_rules_vpc_flow_logs/aws_vpc_healthy_log_status.yml

@@ -1,6 +1,6 @@
 AnalysisType: rule
 Filename: aws_vpc_healthy_log_status.py
-PolicyID: AWS.VPCFlowLog.HealthyLogStatus
+PolicyID: AWS.VPC.HealthyLogStatus
 DisplayName: AWS VPC Healthy Log Status
 Enabled: true
 ResourceTypes:

analysis/aws_rules_vpc_flow_logs/aws_vpc_inbound_traffic_port_blacklist.yml

@@ -1,6 +1,6 @@
 AnalysisType: rule
 Filename: aws_vpc_inbound_traffic_port_blacklist.py
-PolicyID: AWS.VPCFlowLog.InboundPortBlacklist
+PolicyID: AWS.VPC.InboundPortBlacklist
 DisplayName: VPC Flow Logs Inbound Port Blacklist
 Enabled: true
 ResourceTypes:
@@ -17,7 +17,7 @@ Tests:
     Name: Public to Private IP on Restricted Port
     ResourceType: AWS.VPCFlow
     ExpectedResult: true
-    Resource: 
+    Resource:
       {
       "dstport": 22,
       "dstaddr": "10.0.0.1",
@@ -27,7 +27,7 @@ Tests:
     Name: Public to Private IP on Allowed Port
     ResourceType: AWS.VPCFlow
     ExpectedResult: false
-    Resource: 
+    Resource:
       {
       "dstport": 443,
       "dstaddr": "10.0.0.1",
@@ -37,7 +37,7 @@ Tests:
     Name: Private to Private IP on Restricted Port
     ResourceType: AWS.VPCFlow
     ExpectedResult: false
-    Resource: 
+    Resource:
       {
       "dstport": 22,
       "dstaddr": "10.0.0.1",

analysis/aws_rules_vpc_flow_logs/aws_vpc_inbound_traffic_port_whitelist.yml

@@ -1,6 +1,6 @@
 AnalysisType: rule
 Filename: aws_vpc_inbound_traffic_port_whitelist.py
-PolicyID: AWS.VPCFlowLog.InboundPortWhitelist
+PolicyID: AWS.VPC.InboundPortWhitelist
 DisplayName: VPC Flow Logs Inbound Port Whitelist
 Enabled: true
 ResourceTypes:
@@ -17,7 +17,7 @@ Tests:
     Name: Public to Private IP on Restricted Port
     ResourceType: AWS.VPCFlow
     ExpectedResult: true
-    Resource: 
+    Resource:
       {
       "dstport": 22,
       "dstaddr": "10.0.0.1",
@@ -27,7 +27,7 @@ Tests:
     Name: Public to Private IP on Allowed Port
     ResourceType: AWS.VPCFlow
     ExpectedResult: false
-    Resource: 
+    Resource:
       {
       "dstport": 443,
       "dstaddr": "10.0.0.1",
@@ -37,7 +37,7 @@ Tests:
     Name: Private to Private IP on Restricted Port
     ResourceType: AWS.VPCFlow
     ExpectedResult: false
-    Resource: 
+    Resource:
       {
       "dstport": 22,
       "dstaddr": "10.0.0.1",

analysis/aws_rules_vpc_flow_logs/aws_vpc_unapproved_outbound_dns.yml

@@ -1,6 +1,6 @@
 AnalysisType: rule
 Filename: aws_vpc_unapproved_outbound_dns.py
-PolicyID: AWS.VPCFlowLog.UnapprovedOutboundDNS
+PolicyID: AWS.VPC.UnapprovedOutboundDNS
 DisplayName: VPC Flow Logs Unapproved Outbound DNS Traffic
 Enabled: true
 ResourceTypes: